Threat hunting

Security Onion - Winlogbeat and Sysmon setup

03 June 2020

This is a release on how to implement Winlogbeat and Sysmon into Security Onion. Why this? I could not find any good information on how to get all these parts working together: Sysmon and Winlogbeat for log collection from Windows hosts into Security Onion.

It is free for anyone, and you will get pretty good monitoring of your Windows hosts. Because it is built on top of the Security Onion framework, it gives you a very strong way to monitor your network traffic together with the logs of your Windows servers and Windows clients.

As a free, open source framework, this is probably one of the best tool sets you will find to give visibility into what is happening in your environment. The log collection is based on NSA best practice for Windows event log collection and on the MITRE ATT&CK framework.

MITRE ATT&CK framework
Right now it covers 82 MITRE ATT&CK techniques, and that is without counting any of the MITRE technique IDs already covered by Security Onion alone.

You will get 54 dashboards with a total of 422 objects to look at. Happy hunting.